All,
this release fixes several serious bugs that would make the DER
decoder in libtasn1 crash on invalid input. The problems were
reported by Evgeny Legerov on the 31st of January. New releases of
GnuTLS will follow later today.
We invite more detailed analysis of the problem, following our general
security advisory approach explained on:
http://www.gnu.org/software/gnutls/security.html
Particularly, it would be useful to answer the question of whether
these bugs are possible to exploit remotely. It is certainly possible
to cause the server to crash. We don't have resources to investigate
this problem more ourselves currently.
To make it easier for you to review this problem, I have prepared a
self test that triggers three bugs in the old libtasn1. It will be
part of GnuTLS 1.3.4, in tests/certder.c. I have also created a diff
between libtasn1 0.2.17 and libtasn1 0.2.18. It contains unrelated
fixes too, but it is not too large. It is available from:
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
Please send your analysis to gnutls-dev at gnupg.org and I'll update the
security advisory web page pointing to it.
Libtasn1 is a standalone library written in C for manipulating ASN.1
objects including DER encoding and DER decoding. It is used by GnuTLS
to manipulate X.509 objects and by GNU Shishi to handle Kerberos
packets.
Version 0.2.18
- Fix out-of-bounds access in DER decoding, reported by Evgeny Legerov.
- Add 'const' keyword to some prototypes, thanks to Frediano ZIGLIO.
- Fixed typo in src/Makefile.am to make it build with objdir != srcdir,
  thanks to Bernard Leak.
- Update of gnulib files.
- Typo fixes in comments, e.g. finish libasn1 to libtasn1 renaming,
  use LGPL boiler plate on some files in lib/.
Commercial support contracts for Libtasn1 are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding Libtasn1
maintenance. We are always looking for interesting development
projects.
If you need help to use Libtasn1, or want to help others, you are
invited to join our help-gnutls mailing list, see:
<http://lists.gnu.org/mailman/listinfo/help-gnutls>.
Homepage:
http://josefsson.org/libtasn1/
Manual in many formats:
http://josefsson.org/gnutls/manual/libtasn1/
Here are the compressed sources:
ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.2.18.tar.gz (888KB)
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18.tar.gz
Here are GPG detached signatures using key 0xB565716F:
ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.2.18.tar.gz.sig
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18.tar.gz.sig
Here are the SHA-1 checksums:
4f9c1be1586083cd605e17c7948f94deed63b024 libtasn1-0.2.18.tar.gz
08d625e5fbabee2710f9789c8508397e481b048b libtasn1-0.2.18.tar.gz.sig
Enjoy,
Nikos and Simon